<?php
/************************************************************************
 Omnitrix - PHP Development Framework
 Copyright (C) 2012-2018 amonest(eastson@outlook.com)

 This program is free software: you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
 the Free Software Foundation, either version 3 of the License, or
 (at your option) any later version.

 This program is distributed in the hope that it will be useful,
 but WITHOUT ANY WARRANTY; without even the implied warranty of
 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 GNU General Public License for more details.

 You should have received a copy of the GNU General Public License
 along with this program.  If not, see <http://www.gnu.org/licenses/>.
************************************************************************/

// function otx_session_init()
// {
// 	$_SESSION = array();

// 	$token = otx_cookie_get(otx_config_string('session_cookie'));
// 	if (null !== $token) {
// 		$sql = 'SELECT * FROM #system_session# WHERE token = ?';
// 		$row = otx_db_fetch_row($sql, $token);
// 		if ($row) {
// 			if ($row['expiry'] >= otx_time_stamp()) {
// 				$_SESSION = unserialize($row['value']);
// 			} else {
// 				$expiry = true;
// 			}
// 		} else {
// 			$token = null;
// 			$expiry = true;
// 		}
// 	}

// 	otx_param_set('session_token', $token);
// 	otx_param_set('session_new', false);
// 	otx_param_set('session_expiry', false);
// 	register_shutdown_function('otx_session_save');
// }



function otx_session_save()
{
	$array = array(
		'token' => otx_session_token(),
		'value' => serialize($_SESSION),
		'expiry' => $GLOBALS['_XTIMESTAMP'] + otx_config_int('system_session_lifetime') * 60
	);
	otx_db_replace('#system_session#', $array);
	otx_session_gc();
}

function otx_session_gc()
{
	$sql = 'DELETE FROM #system_session# WHERE expiry < ?';
	otx_db_query($sql, $GLOBALS['_XTIMESTAMP']);
}

function otx_session_token($token = null)
{
	if (null === $token) {
		return otx_cookie_get(otx_config_string('system_session_cookie'));
	}
	otx_cookie_set(otx_config_string('system_session_cookie'), $token);
}

function otx_session_is_admin()
{
	return otx_session_user_id() !== null;
}

function otx_session_is_super()
{
	return otx_session_group_id() === 1;;
}

function otx_session_user_id()
{
	if (isset($_SESSION['user_id'])) {
		return intval($_SESSION['user_id']);
	}
	return null;
}

function otx_session_user_name()
{
	$user_info = otx_param_array('_user_info');
	if (isset($user_info['user_name'])) {
		return $user_info['user_name'];
	} else {
		return null;
	}
}

function otx_session_user_display()
{
	$user_info = otx_param_array('_user_info');
	if (isset($user_info['display_name'])) {
		return $user_info['display_name'];
	} else {
		return null;
	}
}

function otx_session_group_id()
{
	$user_info = otx_param_array('_user_info');
	if (isset($user_info['group_id'])) {
		return intval($user_info['group_id']);
	} else {
		return null;
	}
}

function otx_session_permission($permission)
{
	return false;
}

function otx_session_login($username, $password)
{
	if (isset($_SESSION['user_id'])) {
		otx_session_logout();
	}

	if (is_string($username)) {
		$sql = 'SELECT u.*,
					g.group_permissions
				FROM #system_user# u
				LEFT JOIN #system_group# g ON g.group_id = u.group_id
				WHERE u.user_name = ?';
		$row = otx_db_fetch_row($sql, $username);
		if (!$row) {
			return -1; // Invalid user name
		}

		if ($row['status'] <> 1) {
			return -2; // Invalid user status
		}

		if ($row['password'] != otx_string_crypt($password)) {
			return -3; // Invalid password
		}

		$bind['last_visited_time'] = $GLOBALS['_XTIMESTAMP'];
		$bind['last_visited_ip'] = otx_request_client_ip();
		otx_db_update('#system_user#', $bind, array('user_id' => $row['user_id']));
	} else {
		$sql = 'SELECT u.*,
					g.group_permissions
				FROM #system_user# u
				LEFT JOIN #system_group# g ON g.group_id = u.group_id
				WHERE u.user_id = ?';
		$row = otx_db_fetch_row($sql, $username);
		if (!$row) {
			return -1; // Invalid user id
		}

		if ($row['status'] <> 1) {
			return -2; // Invalid user status
		}
	}

	$row['group_permissions'] = otx_string_unserialize($row['group_permissions']);
	otx_param_set('_user_info', $row);
	$_SESSION['user_id'] = $row['user_id'];
}

function otx_session_logout()
{
	unset($_SESSION['user_id']);
	otx_param_unset('_user_info');
}